AccessControlUtil looks up an Authorizable where it does not need to.

AccessControlUtil looksup an Authoriable in replaceAccessControlEntry, only to get the Id of the authorizable for a debug statement that asserts the ID is the principalId. Firstly authorizableId might not be principalId, and secondly its perfectly possible to have principals that dont have authorizables. Its a small patch, with no impact, I will fix.